Cyber Incident Victim: Garanti BBVA
Date:
Oct 2019
Location:
Turkey
Summary
A distributed denial-of-service (DDoS) attack targeted a major Turkish bank and the country's largest telecommunications provider, causing widespread internet disruptions. The bank experienced intense traffic leading to access issues, particularly for international users, but confirmed customer data remained secure. The telecommunications company's cybersecurity team swiftly mitigated the attack, restoring normal traffic flow through defensive measures. The incident involved approximately 100 gigabytes per second of malicious traffic, with sources indicating the attacks originated from multiple foreign countries.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 28, 2019, Turkish officials attributed nationwide internet disruptions to cyberattacks targeting Türk Telekom, Garanti BBVA, and other institutions the previous day. Türk Telekom, Turkey’s largest internet service provider, experienced attacks that disrupted incoming and outgoing internet traffic, impacting multiple organizations. Yusuf Kıraç, Türk Telekom’s deputy technology director, confirmed cybersecurity experts intervened to halt the attacks and restore normal operations, emphasizing the company’s preparedness with what he described as Turkey’s largest cybersecurity department. Concurrently, Garanti BBVA, a major Turkish bank, reported intense traffic overwhelming its digital services, leading to customer access disruptions. The bank acknowledged a distributed denial-of-service (DDoS) attack in a public statement but assured customers that privacy and financial security were not compromised. While domestic access was restored, international users faced lingering connectivity issues to the bank’s digital platforms, with technicians actively working to resolve them. Cybersecurity experts cited in media reports characterized the attack as relatively small-scale, estimating its volume at approximately 100 gigabytes per second. Initial analyses suggested the attacks originated from foreign infrastructure, with the Sabah newspaper identifying the United States, Canada, Russia, and China as primary sources. Türk Telekom reiterated its confidence in its defensive capabilities, noting that similar attacks were commonplace globally and required robust preparation. The incident mirrored prior disruptions in Turkey, including a 2015 DDoS campaign affecting over 400,000 .tr-domain websites, though no direct link was established between these events.
The attacks prompted coordinated responses from affected entities. Türk Telekom implemented unspecified technical measures across its network to mitigate the attack’s impact and collaborated with other service providers to bolster collective defenses. Garanti BBVA issued public communications via Twitter and formal statements to inform customers about the disruption’s cause and remediation progress. Both organizations emphasized operational normalization while acknowledging the persistent challenge of transnational cyber threats. No data breaches or financial losses were reported, with Garanti BBVA explicitly confirming the integrity of customer information. Media coverage highlighted Turkey’s historical vulnerability to cyber campaigns, referencing a 2018 North Korean malware operation targeting its financial sector and Anonymous-led attacks against government infrastructure in preceding years. However, officials did not attribute the October 2019 incident to any specific threat actor or group. The disruption underscored the interdependence of critical infrastructure providers, as Türk Telekom’s role as a backbone operator amplified the attack’s nationwide effects. Service providers and financial institutions maintained public assurances of resilience, framing the event as a manageable incident within broader cybersecurity trends.